The Auditing Standards Board at work - interviews with selected members. (includes related article) (Interview)by Craig, James L., Jr.
The CPA Journal editors Douglas R. Carmichael and James L. Craig, Jr., met with the chairman and four other members of the AICPA Auditing Standards Board (the "Board") to learn more about how the Board operates, what projects they are currently working on, and where it is headed. The editors also asked how the members felt the Board was doing in providing guidance to practitioners, especially those in local firms, to help cope with today's practice problems. Before meeting with the Board members, Craig had a conversation with Dan M. Guy AICPA Vice President, Auditing, about his involvement with the Board and other activities in assisting practitioners in the conduct of audits and other assurance functions. That conversation was presented in the January issue of Th CPA Journal and serves as background for this month's discussion.
The Board has 15 members, 13 of whom are CPAs in public practice. The remaining members are from government and academia. All the six largest firms have representatives on the Board and the remaining seven practitioners are from regional and local firms. The members with whom the editors spoke are intended to represent a cross section of the Board. A biographical sketch of each interviewee is presented in a sidebar. The discussion opens with a few background questions directed to Chairman John B. Sullivan.
The CPA Journal: We understand from our discussions with AICPA Vice President Dan Guy that task forces are the working unit for developing auditing standards
John B. Sullivan: The lead task force is the Audit Issues Task force (AITF), which not unlike the EITF of the FASB, identifies matters the Board may wish to consider. Once the Board gives the go-ahead for a project, the AITF assigns the project to and prepares a charge for an appropriate task force or creates one i one does not exist. The appropriate force develops an issues paper, identifying what the practice problems are, what guidance should be given or developed, and whether standards need to be amended or developed. The Board reacts to the issues paper and decides what action is appropriate. If it thinks a standard should be amended or developed, the task force is charged with the responsibility of drafting a proposal. In the process of drafting, the task force will often meet with the Board to get its views and tentative agreement o the issues. The task force presents a final proposal to the Board, which the Board will vote whether to expose for comment. Exposure drafts are sent to practice units, state societies of CPAs, and other groups knowledgeable about and concerned with auditing standards.
After a 90-day period, comments received are summarized and evaluated by the task force. The request for comments is not a popularity contest but rather a way to learn of issues that may not have been considered in drafting the proposal. The most helpful comments come from practitioners about implementatio problems.
CPAJ: Who typically responds to exposure drafts?
Sullivan: Large firms, state societies of CPAs, and, sometimes to a lesser extent, local firms. The extent of local firm response depends on the nature of the issue. We hear from regulators as well, such as the SEC that sends observer to our meetings, and other third parties such as the American Bar Association. We sometimes hear from companies, but not to the extent that AcSEC does. Companies usually stay on the sidelines when the standard is strictly audit related.
CPAJ: What's the next step?
Sullivan: The task force revises the proposed standard as it feels appropriate and presents it to the entire Board. The Board, after careful review and some editing of its own, votes to issue as a SAS or other pronouncement. The vote to issue requires a super majority of 10. The time frame from start to finish of a SAS can be as short as one year and as long as four or five.
CPAJ: What are the next big issues on the Board's agenda?
Sullivan: We plan to continue the expansion of areas for the CPA to give additional assurances to users and the public. Right now we are focusing on agreed-upon-procedures engagements and the expanding use of attestation standards.
The Attestation Standards
CPAJ: Exactly where are we headed in the use of attestation standards? Is this something local practitioners are likely to get involved with?
Sullivan: Attestation standards are in response to demands for greater involvement by auditors in nonfinancial presentations. Right now much of what i happening is being driven by the needs of regulators for additional assurances. For example, the recently issued Statement on Standards for Attestation Engagements No. 3 on compliance with laws and regulations is the basis for reporting on some of the requirements of the Federal Deposit Insurance Corporation Improvement Act (FDICIA). The attestation standards can also be of use in the area of systems. For example, electronic data exchange and other on-line activities having access to computer systems will create the need for assurances that the systems at third parties are operating effectively with the appropriate safeguards. The kind of assurances I am talking about go beyond financial controls into operating controls. Criteria will have to be developed and accepted that will enable the expression of the desired assurances.
Deborah D. Lambert: Most local practitioners may know that attestation standard exist, however, few of them have used them. The Board and the AICPA must acquaint the local CPA with those standards and related practice opportunities. While regulation, particularly related to FDICIA, has been driving the Board's activity in the development of these standards, I think there will be significant other practice opportunities.
Timothy E. Durbin: The Board does envision increasing use of the attestation standards in such areas as compliance with laws, controls over operations, investment performance, and other emerging areas. This will undoubtedly impact local practitioners. Unfortunately, I think many practitioners--and not just those from local firms--are confused about the relationship of the attestation standards to the auditing standards and how to deal with conflicting guidance between them. One of our goals is to clarify this issue, and we are continuing efforts to do so.
George A. Lewis: I see the principal involvement with attestation standards coming from regulatory requirements. And that will affect small practitioners because many of their clients are in regulated environments.
CPAJ: Why does reporting on internal control fall under the attestation standards?
Sullivan: SSAE No. 2 on reporting on management's assertion about the effectiveness of internal control structure over financial reporting, released last year, is a unique animal. We started to update SAS 30, Reporting on Internal Accounting Control, to reflect the expectation gap SASs, principally SAS 55.
As we proceeded, we saw there was a need to get the auditor back to the positio of expressing an opinion on an assertion being made by management, as it is wit the case of a financial statement. In doing this, we realized the attestation standards were the appropriate ones.
CPAJ: Reports on internal control are an important feature in audits of governmental units. Wouldn't it be useful if in revising Government Auditing Standards, "the yellow book," the GAO brought its internal control reporting requirements under the attestation standards?
Lambert: Yes it would be, but we don't have complete control over that. For the time being internal control reporting under the yellow book, the Single Audit Act, and OMB Circulars A-128 and A-133 will not be under the attestation standards.
Lewis: The draft revisions to the yellow book are extensive. They are more than just a framework in which to perform an audit. The amount of internal control testing and the definition of internal control is being expanded. Some states who have based their auditing requirements on the existing yellow book may not wish to continue doing so because of the extended requirements contemplated.
Sullivan: The regulators feel internal control is more important in the public sector. That's why there is a strong emphasis on internal controls in the proposed revisions. They want testing even if control risk is assessed at the maximum. That's understandable.
CPAJ: Why all the interest in agreed-upon-procedures engagements? They have bee with us for a while.
Sullivan: Agreed-upon procedures are especially important in the compliance wit laws and regulations area. The regulators and others concerned with compliance are in the best position to determine what work on compliance should be done. The agreed-upon-procedures approach seems to make the most sense at the present time. The specific issues get targeted by the third party, and unnecessary effort on the part of the practitioner is avoided.
Lambert: Many CPAs have failed to use agreed-upon-procedures engagements to creatively respond to needs in the marketplace and therefore have missed some business opportunities. These engagements can be very flexible. The subject matter as well as the scope of agreed-upon- procedures engagements can be diverse.
Lewis: I used to think the issue of what constituted an agreed-upon- procedures engagement was clear cut. But as we discuss the issue, I have realized it is not. When does a consulting engagement turn into an agreed-upon-procedures engagement?
Durbin: There are many kinds of agreed-upon-procedures engagements today, and more will be arising in the future in response to market demands. We currently have guidance on these engagements spread throughout the literature, and it is not always consistent. One of the principle goals of our current project on agreed-upon procedures is to make this guidance more consistent and user friendly.
Auditing Standards and The Local Practitioner
CPAJ: How do you think the local practitioner is doing in dealing with auditing standards?
Lambert: Local practitioners make every effort to use the standards properly. They are going to have to work even harder to stay on top of current developments as we expand practice areas such as attestation and agreed-upon-procedures engagements. Practitioners will have to continue to use practice aids and published materials, such as those produced by the AICPA and PPC to make sure they are on the "right page."
Sullivan: For the small-firm practitioner, it is a difficult job to keep pace with all that is happening. They have to know when to consult and call upon those around them--AICPA, state societies--that can help them.
Lewis: Many small firms in the 1960's, in my view, were lost when it came to doing audits. They had no systems in place; they were not trained in work paper technique. Fortunately, some publishers stepped forward and filled a need by furnishing materials to enable the small practitioner to do audits. Audit software also became available. If the materials are used properly, auditing standards are being complied with. So I think the means to comply is there.
CPAJ: Local practitioners routinely take a primarily all-substantive approach t the audit. SAS 55, with its emphasis on assessing control risk, has made it les clear to the auditor about just what that means. How do we resolve that problem
Sullivan: I think it is becoming more inappropriate for the auditor to rely exclusively on the substantive approach to auditing. First of all, in many case in small businesses, there are control elements that can allow the auditor to assess control risk at less than maximum and do less work. Second, because of technology and communications, access to assets and the movement of assets is s dynamic that providing quality service requires some knowledge of controls. The cash balance of today can be wired instantly to another bank. Clients will expect advice from their accountant about their systems and how to protect against unauthorized transactions.
Durbin: Controls may differ in a small business from those typically found in larger businesses, but they are no less important. Test of those controls usually results in a more effective and efficient audit and should therefore be of keen interest to all auditors.
The POB Report, "In the Public Interest"
CPAJ: What do you think about the POB report "In the Public Interest?" Is the Auditing Standards Board prepared to implement the recommendations directed towards it?
Sullivan: It is a step in the right direction. We are looking at the issues the POB directed to us, and there are not that many. Some are already in place--reporting on internal control, for example. I think overall it is a favorable document--it talks about liability reform. The profession needs to accept more responsibility, expand the audit beyond the financial statements. Standards are in place to do that. It is OK to talk about liability relief when it goes hand-in-hand with an expansion of services, services the public is seeking. Reports on the effectiveness of operating controls, which of course extend beyond the financial statements, yet are important to boards of director and investors, will move the practitioner into greater areas of risk that will require liability protection.
CPAJ: What is your view of mandatory reporting on internal control as recommended in the POB report and so strongly supported by the GAO?
Alvin A. Arens: A factor that must be recognized is that regulators and legislators are not concerned with cost. People from organizations like the FEI tend to focus more on cost. It would be hard to disagree with reporting on internal control if it were a free good. But it is not. Is it worth the cost? I am not convinced it is. We want U.S. businesses to be competitive. The more regulation we have, the more the cost.
CPAJ: While we are on the subject of internal control, does the COSO report do the job it was supposed to about providing meaningful criteria for reporting on internal control?
Sullivan: We think the concepts in COSO provide a useful and workable framework We are currently exploring how we can bring SAS 55 and COSO into agreement to remove the confusion of having definitional differences between the two frameworks. The fact some regulators have not accepted COSO as the basis for reporting on internal control doesn't bother me too much. The attestation standard provides the means of reporting based upon what ever criteria regulators or industry groups establish or adopt.
Durbin: COSO represents the first major effort to develop a comprehensive set o criteria against which management can evaluate an entity's controls--not just financial reporting controls, but all controls. Some may not agree with parts o the COSO framework, but there's no denying that it's a major step forward.
Auditing Standards and Audit Failures
CPAJ: Regulators examining auditor performance report seeing a lack of professional skepticism and problems with independence. What is the Board doing to get the CPA to be more skeptical and act in a more independent fashion?
Lewis: At a recent meeting, someone asked me what can a standard setter do to make a CPA stand up and tell it like it is. My conclusion was it was not dependent on the standards but the inner character of the auditor. Our profession is in deep trouble as long as a competitive mentality exists which permits someone's judgment to be influenced by fee considerations. The problems of the profession would be greatly reduced if we all acted in a truly professional manner. The key is intellectual integrity.
Arens: The standards are quite clear about the need to exercise skepticism. I question whether additional guidance is needed. Similarly, the standards also make it clear that an independent mental attitude is required. The issues here probably have more to do with the competitive environment than with auditing standards. I believe the Federal Trade Commission has been instrumental in creating excessive competition, which has fostered some of the individual failures of human beings to maintain their independence and professional skepticism. The 1986 tax act has also been a factor in contributing to work-loa compression and the environment for breakdowns. The competitiveness has caused firms to push the work down to a lower and lower level. So instead of experienced people finding and dealing with problems, inexperienced staff, who lack the judgement and perhaps confidence, are expected to move problems forwar to disposition. Revising auditing standards is not likely to solve this problem
CPAJ: We see and hear more about huge court awards and negotiated settlements over alleged audit failures amounting to previously unimaginable amounts. To what extent did auditing standards let the profession down or create an environment for this to happen?
Sullivan: Let me begin by saying there are thousands of audits that find material misstatements that get appropriately corrected. Existing standards contain a strong statement on responsibility for finding fraud. But they are based on a risk-assessment approach to make the service affordable.
A fraud audit could be performed for all audits. But in a fraud audit, each piece of paper is examined, every stone is turned over. The increased cost to society if all audits were performed this way would be doubled? quadrupled? Is the actual fraud not presently being detected greater than the increased cost t search for it? Probably not.
I could envision a situation where a previously healthy, straightforward compan runs into financial difficulty and perpetrates a fraud. The auditor might not recognize the change in circumstances and based upon a risk-assessment performs an audit assuming the company is still healthy. The fraud is missed. Did the auditor have an obligation to find the fraud. Yes? Did the auditor satisfy standards? I think so. There were no danger signs.
Many firms are changing their audit approaches to annually assess the business environment and conditions of their clients to establish overall audit risk: th risk of not finding the error or the fraud. If they see danger signs, they will adjust the audit approach--bring in more experienced people, involve specialists, consult with other partners and staff, expand the extent of testing, increase the extent of review.
CPAJ: You seem to be saying the standards have performed well and auditors are adjusting to increasing business risks. And yet the image of the CPA seems tarnished. What can the Board do?
Arens: Everybody's image is tarnished. What is the reputation of attorneys, physicians, journalists, and legislators in our society? We have a society that respects the professions less than it used to. It has higher expectations. The relative standing of CPAs to other professionals, I think, is still good. If CPAs think they can meet everybody's expectations, they are going to be forever frustrated. Audits for the most part, except for the enterprise being audited, are a free good. The SEC doesn't pay for it, the banker doesn't pay, Congress doesn't pay. Everybody that gets a free good expects the highest quality. When they don't get it, they are not satisfied. Don't misunderstand, however. It is the Board's responsibility to evaluate criticisms and to change standards to guide auditors to provide reasonable assurances to users.
Durbin: The expectation gap standards by and large accomplished what they were intended to do. Standards alone, however, can't close the gap. We have to recognize the world expects us to find fraud, more than we think ought to be expected. If we can obtain reasonable legal protection, we should be prepared t step forward and take on more responsibility for finding fraud.
Members As Individuals or Representatives of Firms
CPAJ: It is been observed by some that at times Board members seem to vote thei firm's point of view rather than their own. Are the members representing themselves or their firms?
Lewis: I have only noticed one or two times when I thought a particular board member was voting his or her firm's point of view rather than what he or she thought was right for the profession. There seems to be an honest effort on the part of every Board member to vote what is good for the profession. When I vote I am trying to represent the interests of the local firm--the local practitioner. My firm doesn't know how I vote, nor do they really seem to care.
CPAJ: Do the members from large firms dominate the process?
Lambert: The large firms send their best talent, supported by the technical resources of their organizations. It is difficult for local practitioners to be as prepared for discussions as the large firm representatives. The present members respect the views of all members. The large firms by no means vote as a block or seem to demonstrate common interests or points of view. The task force chairs tend to be members from the large firms. I think local practitioners should have more opportunity to provide leadership by serving as task force chairs.
Local Firm Benefits
CPAJ: As a representative of a small firm, what benefit do you derive from serving on the Board?
Lambert: Professionally, it is a wonderful experience. Our partners and staff support, respect, and admire my participation. I think my firm benefits in a significant but intangible way even though our clients don't understand, or care, what the Board is or does. It is very important that quality representation from small firms continues.
Lewis: A lot of small firms do not recognize the value of having a member of their firm on the ASB. They are too busy looking after client matters. Partners from small firms who serve on the ASB do so at a cost to the firm and to themselves. Clients don't really care. I serve because it is an honor to me. It is the best education in auditing that anyone could ever have. In the perfect world, all partners engaged in an audit practice should serve on the Board. It is a sacrifice to the small firm partner.
Improving the Process
CPAJ: How would you change what the ASB is doing?
Durbin: The AICPA has limited resources. We are tight on staff but still need t work harder to shorten the time-line on new standards. Our challenge is to deal with the important issues. We spend too much time editing and not enough time standards setting. Group discussion about sentence placement or grammar is not useful exercise.
Arens: I believe the Board does not spend enough time thinking about the broad issues facing the profession. We should spend more time debating and thinking about issues the Board should be addressing.
CPAJ: What is your vision for the ASB for the next year?
Sullivan: My vision is to continue to move the present projects to completion--soft information, agreed-upon-procedures--always seeking to expand the auditor's area of responsibility. We will be taking a look at expectation gap standards, responding to the proposals of the POB and the AICPA, and environmental auditing. We will have to modify reporting to better communicate uncertainty and the nature of accounting estimates. We are watching the progres of AcSEC's proposal for additional disclosures about risks and uncertainties to see if we need to give practitioners guidance. I will do my best to continue to build on the strong foundation we have.
CPAJ: What advice do you have for the small, local practitioner? How does he or she cope?
Sullivan: He or she must stay active in the state society, get on a committee, become knowledgeable in the area of practice, and attend training sessions. There is a sole proprietor that I went to school with. He and I talk all the time. We don't violate confidences, but we share experiences. I understand how tough it is to go it alone, but I believe it can be done. Many sole practitioners are doing an admirable job.
CPAJ: Thank you very much for participating in our discussion. We hope our readers have a better understanding of how the Board operates and the thinking of some of its members. Many will feel comforted that the practitioner from the local firm has not been forgotten.
MEET THE BOARD MEMBERS
John B. Sullivan
My last year as chair ends December 1994 and will mark the completion of seven years of service on the Board. I am pleased to note that during my tenure as chair we have been able to issue statements on standards for attestation engagements for reporting on internal control and compliance with laws and regulations and that significant progress is being made on new areas for the assurance function. The work being done by the "soft" information and other tas forces is also important.
I am a partner in the national office of Deloitte & Touche in Wilton, Connecticut where I am Director of Auditing Services. My career began in the firm's Houston office as an auditor and was seasoned during the downturn in the "oil patch" in the 1980's.
Alvin A. Arens
I have been a professor of accounting at Michigan State University for 25 years I was with a local CPA firm and Ernst & Young in Minneapolis. My primary area o teaching and research has been and is auditing. I am co-author with James Loebbecke of Auditing: An Integrated Approach and Applications of Statistical Sampling to Auditing and, most recently, co-author of Integrated Audit Practice Case with David Kerr. I am a partner with AHI Associates, a provider of staff training for local and regional CPA firms. I do continuing education and consultation in the practice community.
I am the member closest to representing a public perspective. I also bring a conceptual perspective. Standards should be consistent and conceptually based. attempt to maintain an awareness of research that is taking place and being reported in accounting and auditing journals. It is encouraging that the Board is responsive to research in auditing. I also concern myself with educational implications--are the standards teachable to students and to practitioners; are the standards readable?
A self-appointed role for me is to influence the Auditing Standards Division to appoint an academic to every task force. I believe academics bring research, independence, the public interest, concepts, and ideals to the standard setting process.
Timothy E. Durbin
I am a partner in the Detroit office of Arthur Andersen & Co., where, among other things, I am a practice director for several of our Midwestern offices. I have been a Board member for over three years, a member of the Audit Issues Tas Force, and a member or chair of several other Board task forces. I believe my extensive background of working with auditing practice issues brings a perspective to the Board which is helpful in the standard setting process.
Deborah D. Lambert
I am one of the founding partners of Johnson, Lambert, & Capron, a firm formed about seven years ago. We view ourselves as a boutique or niche firm in that we focus our attention on the financial services industry--insurance, mutual funds broker dealers, lending institutions-- and entrepreneurial businesses. It has worked out well for us; we have about 30 people. The Washington, D.C. area is our home base and we have small offices in Vermont and California. We do the usual compliance work: audits, tax returns and regulatory filings. We also do a lot of what might be considered litigation support work for insurance departments, the RTC, and entrepreneurial businesses. Don Neebes, a former Boar chairman from Ernst & Young, where I worked prior to establishing my own firm, encouraged me to be active in the profession and led me to participation on the Board.
What I want to bring to the Board, is the perspective of the small practitioner I try to see that the output of the Board is clearly understandable and usable by local practitioners. We don't have national offices nor the time to reinterpret new standards. The standards need to stand on their own and be immediately usable.
George A. Lewis
I began my career in 1958 with Arthur Andersen & Co. After a tour of duty in th military, I joined a local firm--the firm I am presently with. I have been active most of my career in the area of training and examinations and was a member of the AICPA Board of Examiners. After that I was invited to join the Board. I am in my fifth year, having been extended beyond the usual three-year period of service. The main thing I bring to the Board is a small-firm focus. While my firm with a staff approaching 100 in number is not small, our clientel are not big corporations. They are local businesses--much like the clients of any practitioner in a small city. While all the Board members have a basic interest in improving the audit process, the perspective between the small-firm practitioner and the large is at times different. The objective of the Board is to produce pronouncements that firms of all sizes can effectively implement, an my contribution would be give the impact of proposed changes on what local firm do. I am on the Audit Issues Task Force and chair of the task force on the internal control attestation standard.
ASB ACTIVE COMMITTEES, SUBCOMMITTEES, AND TASK FORCES
Audit Issues Task Force Agreed-Upon Procedures Task Force Analytical Procedures Task Force Audit Sampling Task Force Auditing "Soft" Accounting Information Task Force Computer Auditing Subcommittee Electronic Evidence Task Force Environmental Issues Task Force Forecast & Projections Task Force Fraud Task Force Internal Control Guidance Task Force(*) Reporting on Internal Control Task Force(**) SAS No. 11 Guidance Task Force (Using the Work of a Specialist) SAS No. 59 Task Force (Going Concern) SAS No. 68 Revision Task Force (Compliance Auditing Applicable to Governmental Entities that Receive Federal Financial Assistance) SAS No. 70 Auditing Procedure Study Task Force (Service-Center-Produced Records SEC Auditing Practice Task Force 9000 Review Task Force
* The task force is proposing necessary revisions to SAS No. 55, Consideration of the Internal Control Structure in a Financial Statement Audit, to reconcile with the Committee of Sponsoring Organizations (COSO) of the Treadway Commission's Report titled Internal Control Integrated Framework. The task forc is also considering whether revisions to other related professional standards i necessary.
** SSAE No. 2, Reporting on an Entity's Internal Control Structure Over Financial Reporting, was issued in May 1993. The SSAE supersedes SAS No. 30, Reporting on Internal Accounting Control. The task force is reviewing SAS No. 58, Reports on Audited Financial Statements, the Interpretation to SAS No. 8, Other Information in Documents Containing Audited Financial Statements, and the Interpretation to SAS No. 30 to determine whether this guidance needs to be amended as a result of the issuance of SSAE No. 2.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.